Description

Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.

Remediation

References

CVE-2016-6333

Related Vulnerabilities

WordPress Plugin Content Audit Blind SQL Injection (1.6)

Python Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4472)

WordPress Plugin Welcart e-Commerce Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.2.1)

WordPress Plugin Crelly Slider Multiple Unspecified Vulnerabilities (1.1.1)

WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Server-Side Request Forgery (1.6.5)

Severity

Medium

Classification

CVE-2016-6333 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities